OSV:GHSA-J593-H5V3-45X6
Dec 27, 2022 - 3:30 p.m.

usememos/memos may leak user information to an authenticated user

2022-12-27 15:30:19
Google
osv.dev
10
usememos
memos
user information leakage
software
patch available

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 20.3%

usememos/memos 0.9.0 and prior has an endpoint that leaks user information such as names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the main branch.

Name: github.com/usememos/memos
Operator: lt
Version: 0.9.1
